The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Monday, December 31, 2012

Privacy commissioner to investigate HRSDC privacy breach

According to a report in the London Free Press, the Office of the Privacy Commissioner of Canada appears to be planning to investigate the appalling privacy breach that was announced last week. The language is not as definitive as I would like, however:

LONDON, Ont. - The federal privacy commissioner is poised to launch a full investigation into a security lapse that lost the private information of about 5,000 Canadians.

“I think you can expect that we will be investigating the matter,” Anne-Marie Hayden, spokesperson for the Privacy Commissioner of Canada, said Monday.

The commissioner’s office has already received 100 calls and several official complaints about the loss of a USB stick that contained private medical, employment and education information, as well as Social Insurance numbers.

It would be gravely disappointing if the OPC does not do a full investigation of this breach along with strong recommendations to prevent it from happening again.

Government needs to be held to an even higher standard than the private sector. People do not have a consensual relationship with government. If you do not like how your bank handles your personal information, you can easily switch to another one. If you're not happy with Instagram's new privacy policy, you can close your account. You cannot do that with government. If Human Resources and Skills Development Canada is incompetent in safeguarding sensitive personal information and cavalier in its response, you can't go looking for another Canada Pension Plan provider.

If this breach involved one of the big California-based internet giants, you can bet there would be a full investigation and further calls for order-making powers and the ability to levy fines.

I hope to see a full and public investigation, followed by calls to amend the Privacy Act to bring it into line with more modern provincial statutes that make it an offense to willfully violate the privacy of Canadians.

Please note that I am only able to provide legal advice to clients of my firm. If you have a privacy matter, please contact me about becoming a client. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser may not be protected by solicitor-client privilege.

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Due to professional ethics, the author may not be able to comment on matters in which a client has an interest. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.